The Hash Challenge

The facebook discussion about my previous blogpost went off-topic and resulted in an interesting challenge. One of the commenters (Stilgar) was not convinced that passwords hashed with MD5 (or SHA) are so easy to crack if there is salt. So he posted a challenge:

“I’ll post the hash of a “password” which is going to be a dictionary word with or without mixed case letters and up to 3 digits. There will be salt – 8 random symbols before the password. Whoever posts the right password first gets 100 euro (via PayPal). I accept that I may be wrong, but I would risk 100 euro. In the real world, most sites would sell out a user for 100 euro. If I lose, I’ll admit I’m not right [..]

salt: fe#ad746
MD5: CD7B1E790D877EE64613D7F0FD38932A
Code to generate it: https://dotnetfiddle.net/st0RfL

Bonus for 50 EUR more (another password, same salt)
salt: fe#ad746
SHA1: FE3463DC8B98D33C1DD8D823B0D49DCD991E6627

We must note that the salt is really small, which distorts the experiment a bit, but anyway, here’s what happened:

The original challenge was posted at 00:20

At 5:20 Rumen posted:

The password is: DeveloP9

my code: http://pastebin.com/enzgq1iz

So, here’s my PayPal: ….

At 6:15 Petar posted:

fe3463dc8b98d33c1dd8d823b0d49dcd991e6627:fe#ad746:Techno21

And the times reported for cracking the challenge on a desktop computer was 1-3 minutes.

So, Stilgar lost 150 euro (around 180 USD). But hopefully that’s a valuable story – that using the output of hashing algorithms for storing passwords is wrong. Because if anyone gets hold of the hash, he has the password. And that may be worth way more than 150 euro, especially due to the tendency of users to reuse passwords. If your sites stores password incorrectly, an attack may get the accounts of the same users on many other sites.

For precisely that reason last year I wrote this simple project to verify your site’s password storage mechanism and emphasized on the fact that bcrypt is the bare minimum for your website security.

4 thoughts on “The Hash Challenge”

  1. Just for the record I knew MD5 and SHA1 were insecure and I knew precisely why. I just did not know how fast these could be cracked. I imagined that it would take a day on a CPU.

    Also larger salt would not affect the experiment significantly. The time would scale linearly with the larger salt so who cares?

  2. Both MD5 and SHA1 are widely known to be unsuitable for password storage. Algorithms intended for password storage (e.g. Blowfish and its successors) are specifically designed to be slow exactly for the purpose of making brute force attacks impractical.

  3. Besides, salting is completely unrelated to resistance to brute force attacks. What salting actually prevents is cracking _one_ hash and seeing all other accounts in the auth database that use the same password. That is the _only_ purpose of salting, and it does it quite well.

  4. Lanzz, the main reason to use a salt is to prevent people from using a huge prehashed rainbow table, since they have to encrypt every password again with the salt.

Leave a Reply

Your email address will not be published. Required fields are marked *